This section is intended to introduce the reader to various aspects of art, which may be related to various aspects of the present invention that are described and/or claimed below. This discussion is believed to be helpful in providing the reader with background information to facilitate a better understanding of the various aspects of the present invention. Accordingly, it should be understood that these statements are to be read in this light, and not as admissions of prior art.
Conditional access systems (which will be used as a non-limitative example) for television (and other media) have been around for a long time to protect different kinds of content. Briefly speaking, in such a system, a service provider obtains content from a content provider and uses the conditional access system (CAS) to protect the content, notably using encryption, before delivery to a customer. The customer generally has some kind of decoder that implements part of the conditional access system and thereby verifies if the user has the rights to access the content and, if so, decrypts and renders the content.
As is well known, at the user end, the part of the CAS is often implemented in a smartcard (which will be used herein as a non-limitative example of a security module) that is removably inserted into the decoder. The smartcard is provided, at least indirectly, by the CAS provider that guarantees the security of the system: it should not be possible to extract either the decoder master key Kmi or the keys that are obtained through its use from the smartcard.
FIG. 1 illustrates a first prior art scheme for accessing a service. To allow a decoder equipped with a smartcard with identifier STBi access to a service j, encrypted using a service key Kj (advantageously common to all decoders in the system), the service provider encrypts service j using a symmetric encryption algorithm (such as for example Advanced Encryption Standard, AES) and the service key Kj before transmission. The service provider also encrypts the service key Kj, which can be common for all decoders, using a key that corresponds to the master key Kmi and, preferably, the symmetric encryption algorithm, and transmits the encrypted service E{Kj}(j) and a message M(i,j) with the encrypted service key to the decoder.
The decoder first decrypts the message M(i,j) using the symmetric encryption algorithm and its master key Kmi to obtain the service key Kj, which is then used with the symmetric encryption algorithm for decryption of the encrypted service E{Kj}(j) to obtain the service j. Since the master key Kmi is specific to the decoder, it is the only one that can decrypt the service using the message M(i,j).
FIG. 2 illustrates a second prior art scheme for accessing a service. In order to enable more flexibility and more security in the system, it is often preferable to use a session key Ksj,t for the service j and, typically, a time period t. In this case the service provider encrypts the service j using the session key Ksj,t to obtain an encrypted service E{Ksj,t}(j), encrypts the session key Ksj,t using the service key Kj to obtain a first message T(j,t), and encrypts the service key Kj using the decoder master key Kmi to obtain a second message M(i,j). The encrypted service E{Ksj,t}(j), the first message T(j,t) and the second message M(i,j) are sent, not necessarily at the same time, to the decoder.
As in FIG. 1, the decoder reverses the operations. It decrypts the second message M(i,j) using the decoder master key Kmi to obtain the service key Kj, decrypts the first message T(j,t) using the service key Kj to obtain the session key that is used to decrypt the encrypted service E{Ksj,t}(j) to obtain the service j.
The schemes illustrated in FIGS. 1 and 2 work well in systems with a single service provider. However, recently the decoders have begun to evolve from ‘merely’ providing decryption of content to include new applications. Examples of such new applications comprise:
- Transmission of value-added services, in a compressed format, destined for other devices in the user's home network, e.g. a second decoder, a smartphone or a tablet computer.
- Download and execution of applications such as games from an application store (e.g. Apple Store, Freebox Revolution).
- The content provider can provide value-added services via the decoder to the user, wherein the value-added services are not under the control of the service provider or the CAS provider.
This means that the CAS's responsibilities are evolving. Previously guarantors for the security of the entire system, they become responsible for the security of the value-added services of the service provider while they at the same time ‘share’ the decoder with other, ‘secondary,’ service providers.
It is likely that the secondary service providers demand their own security functionality for protecting their services in the decoder and that this functionality provides a security level at least equal to that of the CAS.
It is possible to add further service providers by, for example, adding a story on top of the ones illustrated in FIGS. 1 and 2. Such a scheme is illustrated in FIG. 3 that extends the scheme illustrated in FIG. 1.
The further service providers have their master keys Kmi,k, encrypted using a root key for STBi Kri to obtain an encrypted master key W(i,k), where i is the index of STBi and k is the index of the service provider. This encrypted master key W(i,k) may be obtained using the smartcard by providing the master key Kmi,k to the smartcard that, as long as a specific fuse has not been blown, encrypts the master key Kmi,k using the root key Kri and outputs the encrypted master key W(i,k). The encrypted master key W(i,k) may then be stored outside the smartcard, for example in a flash memory. However, once the fuse is blown, the smartcard does not encrypt keys, it only decrypts encrypted keys.
It is to be noted that it is not necessary to know the root key, but it is impossible to add service providers during the lifetime of the smartcard, since the fuse for security reasons is blown before delivery to the end user. Even though encryption is the same as decryption in symmetric encryption, it is not possible to provide a key for ‘decryption’ and hope to obtain the ‘decrypted’—being the same as encrypted—key, since only the decrypted service is output from the smartcard; the intermediate keys are kept inside.
The decoder i receives the encrypted master key W(i,k), decrypts it using the root key Kri and outputs the master key Kmi,k, which is used to decrypt a second message M(i,j,k) to obtain a service key Kj,k for the service provider k. The service key Kj,k is then used to decrypt the encrypted service E{Kj,k}(j,k) to obtain the service j,k in the clear.
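The FIG. 3 key ladder and the fuse-gated wrapping described above can be modelled as follows. This is an added illustration, not code from the patent: the names SmartCard, sym and provision_and_deliver are hypothetical, the keys are constructed sample values, and an HMAC-SHA256 keystream XOR stands in for the symmetric algorithm (AES) so that the block runs with the standard library only.

```python
import hashlib
import hmac


def sym(key: bytes, data: bytes) -> bytes:
    """Stand-in for the symmetric cipher: XOR with an HMAC-SHA256 counter
    keystream, so encryption and decryption are the same operation. Illustration only."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class SmartCard:
    """Hypothetical model of the security module of STBi in FIG. 3."""

    def __init__(self, root_key: bytes):
        self._kr = root_key            # Kri never leaves the card
        self._fuse_blown = False

    def wrap_master_key(self, km: bytes) -> bytes:
        """Factory step: W(i,k) = E{Kri}(Kmi,k); refused once the fuse is blown."""
        if self._fuse_blown:
            raise PermissionError("fuse blown: card no longer encrypts keys")
        return sym(self._kr, km)

    def blow_fuse(self) -> None:
        self._fuse_blown = True

    def descramble(self, w: bytes, m: bytes, enc_service: bytes) -> bytes:
        """Field step: W -> Kmi,k -> Kj,k -> service; only the clear service is output."""
        km = sym(self._kr, w)          # intermediate keys stay inside the card
        kj = sym(km, m)
        return sym(kj, enc_service)


def provision_and_deliver():
    """Constructed run: factory wrapping, fuse blown, then head-end delivery."""
    kr, km, kj = (hashlib.sha256(s).digest()[:16]
                  for s in (b"constructed Kri", b"constructed Kmi,k", b"constructed Kj,k"))
    card = SmartCard(kr)
    w = card.wrap_master_key(km)       # W(i,k), stored in flash outside the card
    card.blow_fuse()                   # done before delivery to the end user
    m = sym(km, kj)                    # M(i,j,k)
    enc = sym(kj, b"service j,k payload")   # encrypted service
    return card, w, m, enc
```

After the fuse is blown, the card still descrambles for the provider whose W(i,k) was produced at the factory, but a new provider's master key can no longer be wrapped, and the decrypt path returns only the clear service rather than any key.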
As can be seen, there are a number of actors involved: a smartcard manufacturer, an integrator that manufactures the decoder, one or more service providers and a client that provides the decoder to the end-users. While the prior art solutions allow customizing the smartcard to work with a number of service providers by adding their keys, the number is limited to the number of fuses in a One Time Programmable flash memory in the smartcard (one fuse is blown per added key). In addition, since the keys must be added at the factory using a special machine, these service providers must be known before the customized smartcard is delivered.
It will thus be appreciated that there is a need for a system that allows an end-user to access service providers not initially considered. For security reasons, the decoder manufacturer should control the addition of service providers, and the secret keys of the service providers should not be made known to other actors, in particular to other service providers.
The present invention provides such a possibility.